fix: Perbaiki CORS middleware agar selalu add headers jika wildcard diizinkan, tambah script check_cors.php

2025-12-17 14:02:49 +07:00
parent 0dacce974c
commit bae1da324b
2 changed files with 84 additions and 0 deletions
--- a/src/Middleware/CorsMiddleware.php
+++ b/src/Middleware/CorsMiddleware.php
@@ -68,6 +68,12 @@ class CorsMiddleware implements MiddlewareInterface
        // Determine allowed origin
        $allowedOrigin = $this->getAllowedOrigin($origin);

+        // Always add CORS headers if wildcard is allowed (even if origin is empty)
+        // This ensures CORS works for all requests
+        if ($allowedOrigin === null && in_array('*', $this->allowedOrigins, true)) {
+            $allowedOrigin = '*';
+        }
+
        if ($allowedOrigin) {
            $response = $response->withHeader('Access-Control-Allow-Origin', $allowedOrigin);
        }